MCSE: Windows Server 2003 Active Directory and Network Infrastructure Design Study Guide (70-297)

MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

• Design the network services infrastructure to meet business and technical requirements.

  • Create the conceptual design of the DHCP infrastructure.

  • Create the conceptual design of the remote access infrastructure.

• Design security for remote access users.

  • Identify security host requirements.

  • Identify the authentication and accounting provider.

  • Design remote access policies.

  • Specify logging and auditing settings.

• Design a remote access strategy.

  • Specify the remote access method.

  • Specify the authentication method for remote access.

• Design an IP address assignment strategy.

  • Specify DHCP integration with DNS infrastructure.

  • Specify DHCP interoperability with client types.

• Design Internet connectivity for a company.

• Design a network and routing topology for a company.

  • Design a TCP/IP addressing scheme through the use of IP subnets.

  • Specify the placement of routers.

  • Design IP address assignment by using DHCP.

  • Design a perimeter network.

• Design the remote access infrastructure.

  • Plan capacity.

  • Ascertain network settings required to access resources.

  • Design for availability, redundancy, and survivability .

In the previous chapter, we introduced the first piece of the physical aspects of the infrastructure design: the site topology, which controls the replication and application needs of a company and helps keep the Active Directory infrastructure running efficiently . Without a good site design, user authentication, application usage, and replication will not be as effective as a company needs.

In this chapter, you are going to learn how to allow users to connect to resources within the organization. Gone are the days of companies as autonomous units not needing access to other organizations resources. Most companies today need to allow both internal and remote users to access data. They need that data to remain secure, while at the same time, allowing the users to perform their tasks in an efficient manner. The first section discusses available options for allowing internal users to connect to the resources they need to perform their job functions. The second and third sections deal with allowing remote users to connect to internal resources.

Before creating the design, you need to identify who will be accessing the organization s resources and how. Internal users accessing local resources will not take as much planning as users who connect remotely. Because local area networks (LANs) are generally allotted a generous amount of data throughput, concerns about data access requirements are not as much an issue as they are with wide area networks (WANs) or dial-up connections.

Users connecting remotely place additional demands on the designer. The available bandwidth on remote connections is usually not as high as that of the LAN. Depending on their connection method, users may not be able to access applications or data that they normally take advantage of while connected to the LAN. Plus, due to security requirements, they may need to use Virtual Private Network (VPN) technologies, which could slow down their connection due to the inherent nature of the overhead required to maintain a VPN connection.